Are consumers kept in the dark about data breaches?

ACCAN: Consumers at risk if data breach notifications shelved

Australia’s peak telecommunications consumer body, ACCAN, is urging a current Senate Committee to support the introduction of mandatory data breach notification laws, as this would significantly improve the security of Australians’ private and financial information.

The Senate Committee is accepting submissions on the Privacy Amendment (Privacy Alerts) Bill 2013, which, if passed, would require government agencies and businesses to notify affected consumers whenever their personal or financial information has been compromised.

Business lobbyists have argued in the media that the mandatory notifications would create an undue burden on business.

ACCAN believes this is a cynical move designed to sweep privacy breaches under the carpet and keep consumers in the dark when their personal information has been lost or stolen.

“Consumers have a right to be informed when companies lose or misuse their data and ACCAN does not believe such notifications would be difficult to provide,” said ACCAN CEO Teresa Corbin.

“The committee must support this long overdue reform as otherwise poor privacy and security practices will go unnoticed until something goes wrong.

“Reducing transparency means consumers can’t take steps to protect themselves. And if their data has been hacked, not having notifications only helps cyber criminals cover their tracks and disappear before consumers realise they’ve been ripped off.”

The notifications would be a clear benefit to all Australians – both by providing consumers with information about organisations with poor data breach histories and by providing an incentive for organisations to improve their data handling practices.

The Bill follows a significant number of high-profile data breaches, in some of which the affected customers were notified through the media rather than by the relevant company.

“The fact that consumers are first finding out that their private information has been compromised via the media is unacceptable. It also points to the fact that currently, we just don’t know how many breaches there are, how big they are and who they’re affecting. Consumers can’t be sure what’s happened to their information and they have a right to know,” said Ms Corbin.

In 2008, following a multiple-year, multiple-stakeholder, comprehensive review of the issue, the Australian Law Reform Commission recommended mandatory data breach notifications be introduced.

“It’s simply unfair on Australian consumers that it is taking this long to introduce this requirement. It’s a business’ responsibility to protect their customers’ private information; it’s as simple as that.”

Stakeholders were informed that the Bill had gone to committee on Tuesday evening but the committee is no longer accepting submissions as of noon Thursday.

Additional information

  • In 2012, AAPT’s servers were attacked by the group “Anonymous”.
  • In late 2011, over 700,000 Telstra customer records were made publicly accessible over the internet.
  • In early 2011, the Sony PlayStation Network was compromised, with approximately 77 million customers affected worldwide.
  • In late 2010, a mailing list error resulted in 220,000 letters with incorrect mailing addresses being mailed to Telstra customers.
  • In 2009, a design flaw resulted in the online chat transcripts of a depression counselling service being made publicly accessible.
  • Most recently, almost 10,000 Telstra customer records were made public on the internet, in circumstances similar to the 2011 incident.